The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and previous versions for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ryan davis ruby parser 2.2.0 |
||
ryan davis ruby parser 3.0.0.a6 |
||
ryan davis ruby parser 3.0.4 |
||
ryan davis ruby parser 3.0.0.a7 |
||
ryan davis ruby parser 3.0.1 |
||
ryan davis ruby parser 3.0.0 |
||
ryan davis ruby parser 3.0.0.a8 |
||
ryan davis ruby parser 3.0.0.a2 |
||
ryan davis ruby parser 2.0.1 |
||
ryan davis ruby parser 2.3.1 |
||
ryan davis ruby parser 3.0.0.a5 |
||
ryan davis ruby parser 3.0.0.a3 |
||
ryan davis ruby parser 2.0.3 |
||
ryan davis ruby parser 3.0.3 |
||
ryan davis ruby parser 2.0.6 |
||
ryan davis ruby parser 1.0.0 |
||
ryan davis ruby parser 3.0.2 |
||
ryan davis ruby parser 3.0.0.a9 |
||
ryan davis ruby parser 2.3.0 |
||
ryan davis ruby parser 3.0.0.a10 |
||
ryan davis ruby parser |
||
ryan davis ruby parser 2.0.0 |
||
ryan davis ruby parser 3.1.0 |
||
ryan davis ruby parser 2.0.2 |
||
ryan davis ruby parser 2.0.5 |
||
ryan davis ruby parser 3.0.0.a1 |
||
ryan davis ruby parser 2.0.4 |
||
ryan davis ruby parser 3.0.0.a4 |
||
ryan davis ruby parser 2.1.0 |
Vulmon